Trusted computing: Challenges & solutions

Most citizens of the world today are fighting for – either by battling viruses, spam, phishing or other malware, or by fending off schemes to compromise privacy and extract confidential information.With these worries in mind, the Trusted Computing Group (TCG) was established to develop specifications for trusted computing building blocks and software interfaces that could address the problems and aims to enhance security by using the transitive properties of trust. Unfortunately Trusted Computing is a young technology and struggling with some drawbacks. There are major issues related to technical as well commercial that need to be addressed seriously and carefully.From user’s perspective, TC was introduced from desire to prevent users from freely sharing and using potentially technology and seems will introduce more benefits to vendors and large corporations.The main legal concerns are copyright, anti-trust law, data privacy law and digital rights management, the impact on which are not yet clear. This paper will discuss the challenges that currently faced with Trusted Computing in all aspects from different perspective and at the same time provide several solutions to overcome the challenges

Trust Model in Cloud Computing Environment Based on Fuzzy Theory

Recent years have witnessed the development of cloud computing. However,there also come some security concerns in cloud computing environment, suchas emerging network attacks and intrusions, and instable cloud service provision dueto flexible cloud infrastructure and resources. To this end, we research on the trustedcomputing in cloud computing environment. Specifically, in this paper, we proposea trust model based on virtual machines, with two considerations. First, we introducetimeliness strategy to ensure the response time and also minimize the idle timeof servers. Second, we extend the linear trust chain by differentiating the trust ofthe platform domain and user domain. Besides, we develop a fuzzy theory basedmethod to calculate the trust value of cloud service providers. We also conduct someexperiments to evaluate our method

Digital Trust - Trusted Computing and Beyond A Position Paper

Along with the invention of computers and interconnected networks, physical societal notions like security, trust, and privacy entered the digital environment. The concept of digital environments begins with the trust (established in the real world) in the organisation/individual that manages the digital resources. This concept evolved to deal with the rapid growth of the Internet, where it became impractical for entities to have prior offline (real world) trust. The evolution of digital trust took diverse approaches and now trust is defined and understood differently across heterogeneous domains. This paper looks at digital trust from the point of view of security and examines how valid trust approaches from other domains are now making their way into secure computing. The paper also revisits and analyses the Trusted Platform Module (TPM) along with associated technologies and their relevance in the changing landscape. We especially focus on the domains of cloud computing, mobile computing and cyber-physical systems. In addition, the paper also explores our proposals that are competing with and extending the traditional functionality of TPM specifications

e-EMV: Emulating EMV for Internet payments using Trusted Computing technology v-2

The introduction of EMV-compliant payment cards, with their improved cardholder verification and card authentication capabilities, has resulted in a dramatic reduction in the levels of fraud seen at Point of Sale (PoS) terminals across Europe. However, this reduction has been accompanied by an alarming increase in the level of fraud associated with Internet-based Card Not Present (CNP) transactions. This increase is largely attributable to the weaker authentication pro- cedures involved in CNP transactions. This paper shows how the functionality associated with EMV-compliant payment cards can be securely emulated in software on platforms supporting Trusted Com- puting technology. We describe a detailed system architecture encom- passing user enrollment, card deployment (in the form of software), card activation, and subsequent transaction processing. Our proposal is compatible with the existing EMV transaction processing architec- ture, and thus integrates fully and naturally with already deployed EMV infrastructure. We show that our proposal, which effectively makes available the full security of PoS transactions for Internet-based CNP transactions, has the potential to significantly reduce the oppor- tunity for fraudulent CNP transactions

Pervasively Distributed Copyright Enforcement

In an effort to control flows of unauthorized information, the major copyright industries are pursuing a range of strategies designed to distribute copyright enforcement functions across a wide range of actors and to embed these functions within communications networks, protocols, and devices. Some of these strategies have received considerable academic and public scrutiny, but much less attention has been paid to the ways in which all of them overlap and intersect with one another. This article offers a framework for theorizing this process. The distributed extension of intellectual property enforcement into private spaces and throughout communications networks can be understood as a new, hybrid species of disciplinary regime that locates the justification for its pervasive reach in a permanent state of crisis. This hybrid regime derives its force neither primarily from centralized authority nor primarily from decentralized, internalized norms, but instead from a set of coordinated processes for authorizing flows of information. Although the success of this project is not yet assured, its odds of success are by no means remote as skeptics have suggested. Power to implement crisis management in the decentralized marketplace for digital content arises from a confluence of private and public interests and is amplified by the dynamics of technical standards processes. The emergent regime of pervasively distributed copyright enforcement has profound implications for the production of the networked information society

Authorisation Issues for Mobile Code in Mobile Systems

This thesis is concerned with authorisation issues for mobile code in mobile systems. It is divided into three main parts. Part I covers the development of a policy-based framework for the authorisation of mobile code and agents by host systems. Part II addresses the secure download, storage and execution of a conditional access application, used in the secure distribution of digital video broadcast content. Part III explores the way in which trusted computing technology may be used in the robust implementation of OMA DRM version 2. In part I of this thesis, we construct a policy-based mobile code and agent authorisation framework, with the objective of providing both mobile devices and service providers with the ability to assign appropriate privileges to incoming executables. Whilst mobile code and agent authorisation mechanisms have previously been considered in a general context, this thesis focuses on the special requirements resulting from mobile code and agent authorisation in a mobile environment, which restrict the types of solutions that may be viable. Following the description and analysis of a number of architectural models upon which a policy-based framework for mobile code and agent authorisation may be constructed, we outline a list of features desirable in the definitive underlying architecture. Specific implementation requirements for the capabilities of the policy and attribute certificate specification languages and the associated policy engine are then extracted. Candidate policy specification languages, namely KeyNote (and Nereus), Ponder (and (D)TPL) and SAML are then examined, and conclusions drawn regarding their suitability for framework expression. Finally, the definitive policy based framework for mobile code and agent authorisation is described. In the second part of this thesis, a flexible approach that allows consumer products to support a wide range of proprietary content protection systems, or more specifically digital video broadcast conditional access systems, is proposed. Two protocols for the secure download of content protection software to mobile devices are described. The protocols apply concepts from trusted computing to demonstrate that a platform is in a sufficiently trustworthy state before any application or associated keys are securely downloaded. The protocols are designed to allow mobile devices to receive broadcast content protected by proprietary conditional access applications. Generic protocols are first described, followed by an analysis of how well the downloaded code is protected in transmission. How the generic protocols may be implemented using specific trusted computing technologies is then investigated. For each of the selected trusted computing technologies, an analysis of how the conditional access application is protected while in storage and while executing on the mobile host is also presented. We then examine two previously proposed download protocols, which assume a mobile receiver compliant with the XOM and AEGIS system architectures. Both protocols are then analysed against the security requirements defined for secure application download, storage and execution. We subsequently give a series of proposed enhancements to the protocols which are designed to address the identified shortcomings. In the final section of this thesis, we examine OMA DRM version 2, which defines the messages, protocols and mechanisms necessary in order to control the use of digital content in a mobile environment. However, an organisation, such as the CMLA, must specify how robust implementations of the OMA DRM version 2 specification should be, so that content providers can be confident that their content will be safe on OMA DRM version 2 devices. We take the requirements extracted for the robust implementation of the OMA DRM version 2 specification and propose an implementation which meets these requirements using the TCG architecture and TPM/TSS version 1.2 commands

Tisa: Toward Trustworthy Services in a Service-Oriented Architecture

Verifying whether a service implementation is conforming to its service-level agreements is important to inspire confidence in services in a service-oriented architecture (SoA). Functional agreements can be checked by observing the published interface of the service, but other agreements that are more non-functional in nature, are often verified by deploying a monitor that observes the execution of the service implementation. A problem is that such a monitor must execute in an untrusted environment. Thus, integrity of the results reported by such a monitor crucially depends on its integrity. We contribute an extension of the traditional SoA, based on hardware-based root of trust, that allows clients, brokers and providers to negotiate and validate the integrity of a requirements monitor executing in an untrusted environment. We make two basic claims: first, that it is feasible to realize our approach using existing hardware and software solutions, and second, that integrity verification can be done at a relatively small overhead. To evaluate feasibility, we have realized our approach using current software and hardware solutions. To measure overhead, we have conducted a case study using a collection of Web service implementations available with Apache Axis implementation

Design and evaluation of information flow signature for secure computation of applications

This thesis presents an architectural solution that provides secure and reliable execution of an application that computes critical data, in spite of potential hardware and software vulnerabilities. The technique does not require source code of or specifications about the malicious library function(s) called during execution of an application. The solution is based on the concept of Information Flow Signatures (IFS). The technique uses both a model-checker-based symbolic fault injection analysis tool called SymPLFIED to generate an IFS for an application or operating system, and runtime signature checking at the level of hardware to protect the integrity of critical data. The runtime checking is implemented in the IFS module. Reliable computation of data is ensured by the critical value re-computation (CVR) module. Prototype implementation of the signature checking and reliability module on a soft processor within an FPGA incurs no performance overhead and about 12% chip area overhead. The security module itself incurs about 7.5% chip area overhead. Performance evaluations indicate that the IFS module incurs as little as 3-4% overhead compared to 88-100% overhead when the runtime checking is implemented as a part of software. Preliminary testing indicates that the technique can provide 100% coverage for insider attacks that manifest as memory corruption and change the architectural state of the processor. Hence the IFS and CVR implementation offers a flexible, low-overhead, high-coverage method for ensuring reliable and secure computing